git://git.whamcloud.com - fs/lustre-release.git/commit

LU-4476 kernel: support process namespace containers

PID namespace was introduce to linux to allow the
migration of containers between hosts. This way running
processes could be migrated to a new machine without
interruption due to pid collisions. User namespace creates
a new enviroment for a exist process where in this new
namespace it will have different uid/gid. Outside that
namespace the default uid/gid. For example a unprivileged
application can create user namespace for itself which has
root privilages. Those privilages don't exist outside of
the created namespace. Both of these changed the traditonal
one to one kernel mapping for pids/gids has changed. Since
userland can now have multiple PID namespaces this means that
each namespace in userland could have the same pid assigned.
This is possible since each namespace will be isolated from
each other. In the case of User namespace the application can
report to the kernel its namespace uid/gid instead of its real
uid/gid. Since the same running kernel is used between all
namespaces on a host the pid/gid data that is pushed into a
kernel context will have to map to a unique pid/gid in kernel
space to avoid collisions. This very similar to Lustre using
FIDs to avoid inode collisions. An example of where the mapping
needs to take place are when pid/gid data is pushed via a ioctl.
Also the internal structures of the kernel store uid/gid in the
kernel internal format. Lastly even with lustre userland uid/gid
namespace being consistant to applications the transmitted
uid/gid will be represented in the kernel differently from
server to server. Lustre wire protocols transmitting uid/gid
must handle these cases.

Change-Id: I207492b9a8a762e43ac2dd8fd1fb1b7397505304
Signed-off-by: James Simmons <uja.ornl@gmail.com>
Reviewed-on: http://review.whamcloud.com/8817
Tested-by: Jenkins
Tested-by: Maloo <hpdd-maloo@intel.com>
Reviewed-by: Yang Sheng <yang.sheng@intel.com>
Reviewed-by: Niu Yawei <yawei.niu@intel.com>
Reviewed-by: Bob Glossman <bob.glossman@intel.com>
Reviewed-by: Oleg Drokin <oleg.drokin@intel.com>

author	James Simmons <uja.ornl@gmail.com>
	Wed, 12 Feb 2014 21:27:17 +0000 (16:27 -0500)
committer	Oleg Drokin <oleg.drokin@intel.com>
	Fri, 4 Apr 2014 02:34:00 +0000 (02:34 +0000)
commit	99727c7a1a4f4100361f79bf185cb34b70b67d99
tree	6b28eba16ce13ce2ae6d6d828be25bd60e04922f	tree \| snapshot
parent	96f482b509867bb70cc26e94e60903df82b09f30	commit \| diff

libcfs/autoconf/lustre-libcfs.m4		diff \| blob \| history
libcfs/include/libcfs/curproc.h		diff \| blob \| history
libcfs/include/libcfs/linux/linux-prim.h		diff \| blob \| history
libcfs/libcfs/darwin/darwin-curproc.c		diff \| blob \| history
libcfs/libcfs/linux/linux-module.c		diff \| blob \| history
libcfs/libcfs/user-prim.c		diff \| blob \| history
libcfs/libcfs/winnt/winnt-curproc.c		diff \| blob \| history
lustre/llite/dir.c		diff \| blob \| history
lustre/llite/file.c		diff \| blob \| history
lustre/llite/llite_lib.c		diff \| blob \| history
lustre/llite/lproc_llite.c		diff \| blob \| history
lustre/llite/namei.c		diff \| blob \| history
lustre/llite/remote_perm.c		diff \| blob \| history
lustre/llite/vvp_object.c		diff \| blob \| history
lustre/lmv/lmv_obd.c		diff \| blob \| history
lustre/mdc/mdc_lib.c		diff \| blob \| history
lustre/mdc/mdc_request.c		diff \| blob \| history
lustre/mdt/mdt_idmap.c		diff \| blob \| history
lustre/mdt/mdt_lib.c		diff \| blob \| history
lustre/obdclass/class_obd.c		diff \| blob \| history
lustre/obdclass/idmap.c		diff \| blob \| history
lustre/obdclass/linux/linux-obdo.c		diff \| blob \| history
lustre/obdclass/obdo.c		diff \| blob \| history
lustre/obdecho/echo_client.c		diff \| blob \| history
lustre/ptlrpc/sec.c		diff \| blob \| history
lustre/target/tgt_handler.c		diff \| blob \| history